"The vulnerability exists in the ESM agent remote upgrade interface," Symantec said. "The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol. The ESM agent does not currently verify that upgrades are from a trusted source."

As a result, attackers with knowledge of the agent protocol could deploy malware that allows them to control the host computer. Compounding the problem, the ESM agent runs with administrative privileges.

According to FrSIRT, the first problem is caused by input validation errors in the "AxKLProd60.dll" and "AxKLSysInfo.dll" ActiveX controls when processing arguments passed to certain methods such as StartUploading. Attackers could exploit this to retrieve or delete arbitrary files from a vulnerable system by tricking a user into visiting a specially crafted Web page.

The second vulnerability is caused by a heap overflow error in the OnDemand Scanner when parsing malformed ARJ archives via the "arj.ppl" module, FrSIRT said. Attackers could exploit this to run malicious commands by sending an email with the malicious file to a system being protected by a vulnerable application.

The third issue is an integer overflow error in the hook function for the "_NtSetValueKey()" function when handling a large unsigned value for the data size argument. Attackers could exploit this to run malicious code with elevated privileges.

The fourth vulnerability is caused by an error in the "klif.sys" driver, which could be exploited by malicious users to execute arbitrary commands with Ring-0 privileges, FrSIRT said.
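The third issue belongs to a well-known bug class: size arithmetic on a caller-supplied unsigned length. The following C example is added here for illustration and is not code from the affected product, whose source is not on this page; it assumes a hook that copies the caller's value data into a private buffer behind a fixed header, and `HDR_LEN`, `MAX_VALUE_LEN` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN       16u          /* hypothetical bookkeeping header */
#define MAX_VALUE_LEN (1u << 20)   /* hypothetical policy cap: 1 MiB */

/* Weak form: the 32-bit sum wraps when data_size is close to UINT32_MAX,
 * so the computed allocation length ends up smaller than data_size. */
uint32_t alloc_len_unchecked(uint32_t data_size)
{
    return data_size + HDR_LEN;    /* 0xFFFFFFF8 + 16 wraps to 8 */
}

/* Hardened form: validate before doing any arithmetic. Returns 0 on success. */
int alloc_len_checked(uint32_t data_size, uint32_t *out_len)
{
    if (data_size > MAX_VALUE_LEN)          /* policy bound on value size */
        return -1;
    if (data_size > UINT32_MAX - HDR_LEN)   /* wrap guard, still valid if the cap is raised */
        return -1;
    *out_len = data_size + HDR_LEN;
    return 0;
}

/* Hypothetical hook body: copy the caller's value data into a private
 * buffer for inspection. Returns NULL if the size is rejected. */
unsigned char *hook_copy_value(const void *data, uint32_t data_size,
                               uint32_t *out_len)
{
    uint32_t len;
    unsigned char *buf;

    if (data == NULL || alloc_len_checked(data_size, &len) != 0)
        return NULL;
    buf = calloc(1, len);
    if (buf == NULL)
        return NULL;
    memcpy(buf + HDR_LEN, data, data_size); /* len >= data_size + HDR_LEN holds here */
    *out_len = len;
    return buf;
}
```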
